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CLAIMS: 

1. A method of providing to a client communications device access to a 
subscription module of a server communications device, tlie method 

5 comprising the steps of 

- establishing (301) a communications link between the client 
communications device (300) and the sender communications device 
(310); and 

- communicating (304;403,404) a number of messages (M) comprising 
10 data related to the subscription module (318) between the server 

communications device and the client communications device via the 
communications link; 

characterised in that 

the method further comprises the step of providing (402,405) integrity 
protection of the messages communicated between the server 
communications device and the client communications device via the 
communications link. 

2. A method according to claim 1 , characterised in that the step of providing 
Integrity protection further comprises calculating, based on a secret session 
key, a respective message authentication code for each of the communicated 
messages; and including the calculated message authentication code into 
the corresponding communicated message. 

3. A method according to claim 2, characterised In that the step of 
establishing a communications link between the client and server 
communications devices comprises determining a secret session key based 

30 on a shared secret between the server and client communications devices. 
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4. A method according to claim 3, characterised in that the method further 
comprises providing the shared secret by performing a secure pairing 
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procedure including receiving a passcode by at least one of the client 
communications device and the server communications device. 

5. A method according to claim 4, characterised in that the passcode is at the 
5 most 48 bits long. 

6. A method according to claim 3, characterised in that the communications 
link has a secret linl< l^ey related to it and the method further comprises 
providing the shared secret by calculating the shared secret using the secret 

10 link key as an input. 

7. A method according to any one of claims 2 through 6, characterised in that 
the method further comprises 

* incorporating a value of a first counter In each of the messages 
15 communicated from the client communications device to the server 
communications device, the first counter being indicative of the number of 
messages communicated from the client communications device to the 
server communications device; and 
- incorporating a value of a second counter in each of the messages 
20 communicated from the server communications device to the client 
communications device, the second counter being indicative of the 
number of messages communicated from the server communications 
device to the client communications device; 
and the step of calculating a respective message authentication code for 
25 each of the communicated messages comprises calculating a message 
authentication code for each of the communicated messages and the 
corresponding counter value. 

8. A method according to any one of claims 1 through 7 characterised in that 
30 the method further comprises determining, for the messages communicated 

from the client communications device to the server communications device, 
whether the message Is authorised to address the subscription module. 
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9. A method according to claim 8, characterised in that the method further 
comprises providing a shared secret between the client communications 
device and the server communications device; and providing an access 
control list stored in the server communications device in relation to at least 

5 one of the shared secret and the client communications device. 

10. A communications system comprising a client communications device 
(106,206) and a server communications device (101,201) including a 
subscription module(102;202), the client and server communications devices 

10 each comprising respective communications means (110,104;204,210) for 
establishing a communications link (115) between the client communications 
device and the server communications device, and for communicating a 
number of messages comprising data related to the subscription module 
between the server communications device and the client communications 

1 5 device via the communications link; 

characterised in that 

the client communications device and the server communications device 
20 each comprise respective processing means (105,107;203,209) adapted to 
provide Integrity protection of the messages communicated between the 
server communications device and the client communications device via the 
communications link. 

25 11. A server communications device including a subscription module, the 
server communications device comprising communications means for 
establishing a communications link with a client communications device, and 
for communicating a number of messages comprising data related to the 
subscription module between the server communications device and the 

30 client communications device via the communications link; 

characterised in that 
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the server communications device comprises processing means adapted to 
provide Integrity protection of tlie messages communicated between the 
server communications device and the client communications device via the 
communications lini<. 

5 

12. A client communications device for providing access to a subscription 
module of a server communications device, the client communications device 
comprising communications means for establishing a communications link 
with the server communications device including the subscription module, 

10 and for communicating a number of messages comprising data related to the 
subscription module between the client communications device and the 
server communications device via the communications link; 

characterised in that 

15 

the client communications device comprises processing means adapted to 
provide Integrity protection of the messages communicated between the 
client communications device and the server communications device via the 
communications link. 

20 

13. A method of providing to a client communications device access to a 
subscription module by a server communications device comprising the 
subscription module, the method comprising the steps of 

- establishing (301) a communications link between the client 
25 communications device (300) and the server communications device 

(310); and 

- receiving (404) a number of messages from the client communications 
device by the server communications device via the communications link, 
the messages addressing the subscription module (318); 

30 

characterised in that 
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the method further comprises the step of determining (701), for at least one 
of the received messages, whether the message is authorised to address the 
subscription module. 

5 14. A method according to claim 13, characterised in that the method further 
comprises providing integrity protection of the messages communicated 
between the server communications device and the client communications 
device via the communications link, where the Integrity protection Is based on 
a shared secret between the client communications device and the server 
10 communications device; and providing an access control list stored in the 
server communications device in relation to at least one of the shared secret 
and the client communications device. 

15. A method according to claim 14, characterised In that the access control 
1 5 list is stored in a protected database. 

16. A method according to claim 14 or 15, characterised in that the method 
further comprises calculating, based on a secret session key, a respective 
message authentication code for each of the communicated messages; and 

20 including the calculated message authentication code into the corresponding 
communicated message. 

17. A method according to claim 16, characterised in that the step of 
establishing a communications link between the client and server 

25 communications devices comprises determining the secret session key 
based on said shared secret between the server and client communications 
devices. 

18. A method according to claim 17, characterised in that the method further 
30 comprises providing the shared secret by performing a secure pairing 

procedure including receiving a passcode by at least one of the client 
communications device and the server communications device. 
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19. A method according to claim 18, characterised in that the passcode is at 
the most 48 bits long. 

20. A method according to claim 18, characterised in that the 
5 communications linic has a secret link key related to It and the method further 

comprises providing the shared secret by calculating the shared secret using 
the secret link key as an input. 

21. A method according to any one of claims 14 through 20, characterised in 
1 0 that the method further comprises 

- incorporating a value of a first counter in each of the messages 
communicated from the client communications device to the server 
communications device, the first counter being indicative of the number of 
messages communicated from the client communications device to the 

1 5 server communications device; and 

- incorporating a value of a second counter in each of the messages 
communicated from the server communications device to the client 
communications device, the second counter being indicative of the 
number of messages communicated from the server communications 

20 device to the client communications device; 

and the step of calculating a respective message authentication code for 
each of the communicated messages comprises calculating a message 
authentication code for each of the communicated messages and the 
corresponding counter value. 

25 

22. A server communications device including a subscription module, the 
server communications device comprising communications means for 
establishing a communications link with a client communications device, and 
for receiving a number of messages addressing the subscription module from 

30 the client communications device via the communications link; 



characterised in that 
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the server communications device comprises processing means for 
determining, for at least one of tlie received messages, wlietlier the message 
is authorised to address the subscription module. 



